Institute of Internal Auditors: Business and auditing impacts of new technologies;

Page 1

The Institute of Internal Auditors Business and Auditing Impacts of New Technologies
Charles H. Le Grand
Certified Internal Auditor
New developments in the regulatory, professional, and technology realms are among the most powerful influences on businesses today. As organizations struggle to compete and remain viable in a global economy, management at all levels finds the need for increased skills and new competencies. Auditors too struggle with issues impacting the auditing profession, audit services rendered and the expectations of those relying on audit services.
New technologies introduce powerful capabilities to any staff member. Activities previously reserved for technical experts or skilled clerical staff are now among the growing responsibilities of middle and upper management. Technical details of how enterprise communications systems are set up, monitored and maintained can have major impacts on an organizations continuing ability to stay in business. Thus, it is no longer sufficient to leave such details to specialists, whether this statement is made about auditors or about activities subject to auditing.
THE CONCEPT OF AUDITABILITY
Auditability is a central concept for any process or system wherein it is important to rely on the products or results. To assure auditability a system must provide proof that its results are reliable, and must have features such that an independent, objective review of transactions processed, data stored, and output provided can identify sufficient reliable evidence of continuous security, accuracy, privacy, and availability of information. System auditability features must be required at all levels in an organization and across organizational boundaries in order to extend appropriate assurances to any stakeholder in the organization.
Auditability objectives must be stated by management expressing specific responsibilities for the results of system processing. The auditing profession acknowledges that audit and control concerns extend beyond the realm of accounting and financial reporting to encompass the many issues and subject areas potentially impacting the viability of an organization or the ability to accomplish an organization's objectives. The structure of internal controls therefore must meet control and auditability objectives across a broad spectrum. Auditability objectives for the internal control structure can be identified at three levels: Governance, Assessment and Reporting, and Technology.
Governance
Boards of Directors, Audit Committees, Senior Management: Senior and board level management expect auditability to assure effective information for governance. Protection of owner equity, public perception, and compliance with laws, regulations and expectations are important governance elements of auditability. The internal control structure of an organization requires the necessary elements to provide assurance at the governance level.
Assessment & Reporting
Self Assessment, Audit Assessment, Management Reporting: To provide assurance, the internal control structure must include management assessment and reporting techniques that demonstrate controls' continuous effectiveness. Management assessment practices should be authenticated by audits to assure their ongoing reliability.
87